<<<
Wednesday, September 1, 2010
>>>
 
Twitter Spam and the OAuthcalypse Posted by Sean @ 15:36 GMT

Twitter discontinued support for basic user authentication in third-party applications yesterday morning.

Good. It's always best to never share your password with a third-party. Even if you trust them, their database could be compromised, and your password along with it. The discontinuation of basic user authentication also removes the vector of brute force password attacks via Twiter's API.

All third-party applications must now use Twitter's OAuth.

OAuthcalypse

So, that being the case… we have a feature request.

The other day, we came across some Twitter spam using a bit.ly link that pointed to an application called "Lady Gaga photos".

OAuthcalypse

If you "Allow" the application, two things will happen: the account tweets spam and follows two new accounts (emoboyxx3 and BoyGeorge).

We don't suspect Boy George is behind this…

OAuthcalypse

Okay, so it's a spam application. Time to visit Settings/Connections and revoke its access.

OAuthcalypse

And here's our feature request, we want a "Revoke Access and report as a spam application" as well as the "Revoke Access" option.

Cheers!






<<< When do 258 tweets equal nearly half a million dollars?
|
Fake Passports >>>